VIGvisual: A Visualization Tool for the Vigenère Cipher
Transcription
VIGvisual: A Visualization Tool for the Vigenère Cipher
VIGvisual: A Visualization Tool for the Vigenère Cipher Can Li, Jun Ma, Jun Tao, Jean Mayo, Ching-Kuang Shene Department of Computer Science Michigan Technological University Houghton, MI Melissa Keranen Chaoli Wang Department of Mathematical Sciences Michigan Technological University Houghton, MI Department of Computer Science & Engineering University of Notre Dame Notre Dame, IN [email protected] [email protected] {canli,junm,junt,jmayo,shene}@mtu.edu ABSTRACT Well designed pedagogical tools are very useful in helping students understand concepts and practice needed skills. While there are tools available [1, 2, 9], most of them only provide interfaces for encryption and decryption without showing the process, and very few include cryptanalysis. VIGvisual is designed to address this issue by providing an environment so that it can be used in the classroom and for self-study. It is able to animate the Vigenère cipher with a variety of cipher tools, all of which are available for students to practice encryption and decryption with error checking. Furthermore, VIGvisual also helps students learn how to break the Vigenère cipher. VIGvisual uses Kasiski’s method and the Index of Coincidence method for keyword length estimation, and the χ2 method with frequency graphs for keyword recovery. To the best of our knowledge, only [2] offers a similar capability; however, it is just an interactive cryptanalysis environment. VIGvisual goes one step further by offering a more comprehensive visualization component with tools and animation not only for cryptanalysis but also for beginners to learn and practice the Vigenère cipher. In the following, Section 2 discusses the course in which VIGvisual was used and evaluated, Section 3 presents an overview of VIGvisual, Section 4 has our findings from a classroom evaluation, and Section 5 is our conclusion. This paper describes a visualization tool VIGvisual that helps students learn and instructors teach the Vigenère cipher. The software allows the user to visualize both encryption and decryption through a variety of cipher tools. The demo mode is useful and efficient for classroom presentation. The practice mode allows the user to practice encryption and decryption. VIGvisual is quite versatile, providing support for both beginners learning how to encrypt and decrypt, and also for the more advanced users wishing to practice cryptanalysis in the attack mode. Classroom evaluation of the tool was positive. Categories and Subject Descriptors K.3.2 [Computers and Education]: Computer and Information Science Education—Computer science education, information systems education General Terms Algorithms, Security Keywords Cryptography; visualization 2. COURSE INFORMATION VIGvisual was used in a cryptography course, MA3203 Introduction to Cryptography, that is offered out of the Department of Mathematical Sciences at Michigan Technological University. It is a junior level course that gives a basic introduction to the field of cryptography. This course covers classical cryptography, the Data Encryption Standard (DES), the Advanced Encryption Standard (AES), the RSA algorithm, discrete logarithms, hash functions, and elliptic curve cryptography. For each cryptosystem, we study how it was designed, why it works, how one may attack the system, and how it has been used in practice. Understanding classical cryptography is essential to any introductory cryptography course, and one of the major classical cryptosystems is the Vigenère cipher. The Vigenère cipher is a generalization of the monoalphabetic shift cipher, which has a keyword length of one. This cipher is very difficult to present in class because of the long pieces of text that need to be used in order to illustrate the algorithm in a meaningful way. Because VIGvisual was used in the course, students were able to see the encryption algorithm demon- 1. INTRODUCTION The Vigenère cipher appeared in the 1585 book Traicté des Chiffres by Blaise de Vigenère. It is a simple cipher, but for nearly three centuries the Vigenère cipher had not been broken until Friedrich W. Kasiski published his 1863 book [7]. Charles Babbage also broke the cipher with a similar technique in 1846, although he never published his work. Currently, the Vigenère cipher has become a standard topic in many textbooks [4, 8, 10]. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. ITiCSE’15, July 6–8, 2015, Vilnius, Lithuania. c 2015 ACM 978-1-4503-3440-2/15/07 ...$15.00. Copyright DOI: http://dx.doi.org/10.1145/2729094.2742589. 129 strated quickly. This allowed for a more thorough study of the most interesting aspects of the cipher, which are the decryption techniques and attacks. The attack component covers Kasiski’s method, the index of coincidence method, and the χ2 method. 3. SOFTWARE DESCRIPTION VIGvisual supports Linux, MacOS and Windows and has three modes, Demo, Practice and Attack. The Demo mode helps the user visualize the process of encryption and decryption with animation. The Practice mode allows the user to practice encryption and decryption with error checking. The Attack mode offers a chance for the user to learn how to break the Vigenère cipher with Kasiski’s and the Index of Coincidence (IOC) methods, followed by the χ2 method to recover the unknown keyword. 3.1 (a) Vigenère Table The Demo Mode VIGvisual starts with the Demo mode (Figure 1). The top portion has input fields for plaintext, keyword and ciphertext. The user starts a new session with New and enters a plaintext-keyword pair or a ciphertext-keyword pair, or uses RandPT and RandCT to automatically generate a random plaintext-keyword pair and a random ciphertext-keyword pair. This is followed by clicking Encrypt or Decrypt to encrypt or decrypt the entered message. By default, the keyword is repeated and aligned with the original word structure. Clicking Align switches to the view of breaking the plaintext/ciphertext to align with the keyword length. (c) Saint Cyr Slide (b) Cipher Disk Figure 2: Cipher Tools can be moved left or right. The table rows and columns, the movable disk and the bottom slide change according to the triplet of plaintext letter, keyword letter and ciphertext letter. Thus, the instructor has a demo tool for classroom use and the students have a clear view of how the Vigenère cipher performs encryption and decryption. 3.2 The Practice Mode Click the Practice tab to enter the Practice mode (Figure 3). All three tools are available. The user clicks Encrypt or Decrypt to start a new session, and uses Random to generate a random plaintext-keyword or ciphertext-keyword pair, New to start a new session, Redo to redo the current session, and Align to align the plaintext or ciphertext using the keyword length. Then, the user enters a keyword (if Random is not chosen) followed by the expected ciphertext or plaintext. The user may stop at anywhere and click the Check button to check the result. Incorrect letters are marked in red or with question marks if the positions are left as blank. The Answer field shows the correct answer. Figure 1: Screenshot of the Demo Mode The user uses Start and Stop to start and stop an animation, the slider to select an animation speed, and Pre and Next to move to the previous and next position. The corresponding plaintext letter, keyword letter and ciphertext letter are shown in different colors in an animation. The user may bring up one or more tools with buttons Table, Disk and Slide. Figure 2(a) shows the Vigenère table. The plaintext letter under consideration and its column use one color, the corresponding keyword letter and its row use a different one, and the ciphertext letter is at the intersection of the plaintext column and keyword row. The cipher disk has two concentric disks stacked together (Figure 2(b)). The bottom (resp., top) disk, the stationary (resp., movable) one, represents the plaintext (resp., ciphertext) letters and is fixed (resp., rotatable). The user rotates the movable disk so that the keyword letter aligns with the letter A of the stationary disk. Then, the corresponding plaintext and ciphertext letters align together. Figure 2(c) has the Saint Cyr Slide. The upper part is fixed while the lower part Figure 3: Screenshot of the Practice Mode 130 3.3 The Attack Mode Click the Attack button to enter the Attack mode. The user clicks Random to randomly generate a ciphertext or New to start a new session and enter a new ciphertext (Figure 4). The process of breaking a message has two steps: keyword length estimation and keyword recovery. This process may not always be successful, and several iterations may be needed. VIGvisual has several Hint buttons in all windows under the Attack tab, each of which brings up a hint window to either explain what the window and/or algorithm is or provide a chance for the user to do simple exercises. (a) Top Portion (b) Bottom Portion Figure 5: Screenshot of the Kasiski Window by the same letter with an IOC close to 0.068. To apply this idea, for each 1 ≤ k ≤ n, we may divide the ciphertext into k cosets, calculate the IOC of each coset, and calculate the average of the k IOC values. If k is the correct length, each individual IOC is close to 0.068 and their average would also be close to 0.068. The estimated keyword length is the value of k that produces the highest average IOC. Click the IOC button to bring up the IOC window. VIGvisual displays a table (Figure 6). Each row corresponds to a possible keyword length in the range of 1 and 20, and the columns display the cosets, their IOC values, and the average. The highest three average IOC values are shown in blue. The user chooses a high average and clicks the length to export this value to the Attack window. Figure 4: Screenshot of the Attack Mode 3.3.1 Kasiski’s Method VIGvisual provides two methods for keyword length estimation: Kasiski’s method and the Index of Coincidence method. The user clicks Kasiski to use Kasiski’s method. VIGvisual searches the given ciphertext for repeated substrings of length 3 (i.e., trigraph) to 20, computes the distance between each pair of adjacent repeated substrings, finds the factors of this distance, and counts these factors. Kasiski suggested that the factors that occur most often may be good estimates of the length of the keyword [7]. The Kasiski window shows a table in which each row has a distance value and the factors of this distance (Figure 5(a)). The bottom of this table (Figure 5(b)) shows the count of each found factor. The user clicks a factor, which will be shown in yellow, to select that length. This length appears to the right of the Kasiski button in the Attack tab. Repeated substrings are shown on the right panel of the Kasiski window along with their positions and distances. Clicking those repeated substrings can have them highlighted in the original ciphertext. Note that even though “ab” appears in “abcd” and “abce”, only the longest repeated one “abc” is reported. 3.3.2 The Index of Coincidence Method The concept of Index of Coincidence (IOC) was proposed by William F. Friedman in 1922 [3]. The IOC of a string is the probability of having two identical letters in that string. A typical English string without spaces and punctuation has an IOC around 0.068 while a random string of the 26 English letters has an IOC around 0.042. If a plaintext is encrypted by a single letter, the ciphertext is a shift of that letter, and its IOC is equal to that of the plaintext. Therefore, if keyword length is k, we may divide the ciphertext C1 C2 C3 · · · Cn into k cosets S1 , S2 , . . . , Sk where Si = Ci Ci+k Ci+2k . . . (1 ≤ i ≤ k), and each Si is encrypted Figure 6: Screenshot of the IOC Window 3.3.3 Keyword Recovery Once a length estimation is known, the user moves on to keyword recovery. The user clicks the circular button next to the estimated keyword length obtained by Kasiski’s method or the IOC method to make it available in the Select Len 131 field, or modifies this value to her choice. Then, the user clicks the Select Len button to recover the keyword. VIGvisual uses the χ2 method to recover the keyword. Assuming the estimated length k is correct, the ciphertext is divided into k cosets, each of which is encrypted by a single letter. Each coset is shifted one position to the right in a cyclic way. After each shift the letter frequency is computed and compared against the typical English letter frequency. Let Fi and fi (1 ≤ i ≤ 26) be the English letter frequency and calculated letter frequency of letter i, respectively. The χ2 is defined as follows: 26 X (fi − Fi )2 χ2 = Fi j=1 agree, 4:agree, 3:neutral, 2:disagree, and 1:strongly disagree. We collected 25 valid forms. The distribution of majors was as follows: 1 in computer network and system administration (CNSA), 5 in electrical and computer engineering (EE/CpE), 13 in computer science, 1 in mathematics (Math), 1 in chemical engineering, and 4 undeclared. 4.1 General Discussion This paper uses α = 0.05 as the level of significance for all statistical decisions. Our survey showed that 10 and 11 students used the table and slide for their work, and two chose to use the cipher disk. During the evaluation period, on average students used the tool for 13.2 minutes to understand the cipher with standard deviation 7.1 and confidence interval (6.1,20.3). Table 1 has the remaining questions. A lower χ2 value means the letter frequency of a particular shift matches the English letter frequency better. Hence, the letter corresponding to the shift that yields the smallest χ2 is very likely to be the correct letter in the keyword. The Keyword Recovery window displays a table (Figure 7). Each column of this table corresponds to a keyword letter and has the χ2 values of each shift with the smallest one in blue. The letter corresponding to the smallest χ2 is shown in the column heading. The bottom of this window shows the English letter frequency graph in black. The user may click a coset to modify its keyword letter and a letter on the horizontal axis of the frequency graph to examine its frequency graph. The keyword changes accordingly and the frequency graph of that letter appears. The user may click on every letter and investigate the difference between the English letter frequency and the frequency of the selected letter, and pick the best match by examining all frequency graphs. This step is required as the shift corresponding to the smallest χ2 value may not be the best choice, and shifts corresponding to other smaller χ2 values must be examined. Table 1: Survey Questions Q1 Q2 Q3 Q4 Q5 Q6 Q7 Q8 Q9 Q10 The Demo mode helped better understand The Practice mode helped better understand VIGvisual helped identify the parts that were not understood VIGvisual enhanced the course Kasiski helped understand the topic IOC helped understand the topic χ2 helped understand the topic VIGvisual helped understand attack The Demo mode helped self-study The Practice mode helped self-study Q1 and Q2 asked if the Demo mode and the Practice mode helped the students better understand the encryption and decryption processes. The means, standard deviations and confidence intervals were 3.88 and 3.6, 0.6 and 0.87, and (3.64,4.12) and (3.26,3.94). This reflected that the Practice mode was not as helpful as the Demo mode for this simple cipher. Q3 asked the students if VIGvisual helped identify the parts of the Vigenère cipher that they did not understand. The mean, standard deviation and confidence interval were 3.8, 0.65 and (3.55,4.05). Thus, VIGvisual helped students learn the Vigenère cipher. As a result, the rating of Q4 , which asked if VIGvisual enhanced the course, is reasonably high with mean, standard deviation and confidence interval 4.24, 0.52 and (4.04,4.44). Q5 to Q8 asked students to assess if the Kasiski, IOC, χ2 and the Attack components helped them understand the topics. Table 2 has a summary. While the χ2 question (Q7 ) received a lower mean of 3.52, the answer to Q8 has a higher mean of 4.24. This indicated that although the χ2 component may not help students better learn than Kasiski and IOC do, the students actually understood more after using VIGvisual. Note that we cannot reject the means of Q5 (3.96) and Q6 (3.88) being 4 with p-values 0.832 and 0.503, respectively, and the mean of Q7 being 3.75 with a p-value of 0.148. Figure 7: Screenshot of the Keyword Recovery Window Any changes applied to the keyword will also be shown in the Keyword field in the Attack tab. Finally, the user clicks the Decrypt button to decrypt the ciphertext using the current recovered keyword and makes further changes to the keyword in the Keyword Recovery window if needed. 4.2 Further Statistical Analysis The ratings of questions were loosely related to each other. The highest correlation was 0.713 between Q9 and Q10 , and the correlations for question pairs (Q1 , Q2 ), (Q3 , Q9 ), (Q5 Q6 ), (Q6 , Q10 ), (Q7 , Q9 ), (Q7 , Q8 ) and (Q8 , Q9 )were all larger than 0.5. This suggested that ratings of Q5 to Q10 had a positive trend. It is interesting to note that the correlations between Q4 and other questions was mostly neutral, 4. EVALUATION AND ASSESSMENT Our survey consists of two parts, a set of 14 questions and eight write-in comments. Choices available are 5:strongly 132 Table 2: Ratings of the Kasiski, IOC and Attack Components Mean St Dev CI− CI+ Q5 Kasiski 3.96 0.93 3.59 4.33 Q6 IOC 3.88 0.88 3.53 4.23 Q7 χ2 3.52 0.77 3.22 3.82 Table 3: Test Scores Mean St Dev CI Q8 Attack 4.24 0.52 4.04 4.44 4.4 Confidence Interval = (CI−,CI+ ) Quiz 2 5.94 0.35 (5.8,6.0) Student Comments There were eight write-in questions asking students to make suggestions for further development. We focused on the following issues: whether the layout is useful, whether the Demo mode is more helpful than blackboard work, whether the Kasiski’s method, IOC method and the Keyword Recovery component enhance learning, whether new features should be added, and software installation issues. The layout was generally welcomed with comments like “The layout is well done, the tab separation keeps everything organized and each section is clearly labeled”and “Everything was clearly findable. Never got confused”. Students agreed that the system functioned well and was easy to use. The Demo mode vs. blackboard question received some interesting comments. Most students indicated VIGvisual is useful; but a few of them believed “in depth things come from the board” or the “procedures”. Here is a list of student comments in various aspects: “The program was much better than the blackboard since it was faster and easier to understand”, “I prefer the more visual demonstration” and “The demo was better than the use of the chalk board since it was more organized and isolated.”. Since Kasiski, IOC and keyword recovery components require a significant amount of information and require additional knowledge to be used properly, we expected students may encounter some difficulty in comprehending the system. However, most students were satisfied. The following are typical comments: “It [Kasiski] was a little confusing due to the table layout, but it made sense after I figured it out”. “The Kasiski Test tabs was my favorite function of VIGvisual”, “It [IOC] helped me to understand cosets better”, “Having the full [IOC] table enhanced my ability to understand because it showed more than just the answer”, “If it is your first time seeing IOC, it will be hard. If you have a prior understanding, it makes sense”, “The Keyword Recovery window made it easy to see why a keyword was likely to be correct”, and “[Keyword Recovery] was a little hard to understand, but the Hint button helped a lot”. As for new features, the most wanted one is resizable windows and more extensive hints and explanations. Very few students encountered problems installing the system. Those who had problems were mainly due to improperly installed libraries on Mac and some unknown issues on Windows 8.x. VIGvisual ran on Linux and Windows 7 and XP well. as all the correlations were small, which indicated that the higher rating 4.24 of “if VIGvisual enhanced the course” was independent of ratings of other questions. Since the student body consisted of several disciplines (e.g., computer science, electrical and computer engineering, chemical engineering and mathematics), we would like to know if students from different disciplines reacted differently. We only grouped students into computer science (CS) and students not in computer science (non-CS). Since the questions may correlate with each other as mentioned earlier, the questions were also grouped into four groups: (1) Q1 , Q2 , Q3 – the Demo, Practice modes were helpful and VIGvisual helped identify parts that were not understood, (2) Q5 , Q6 , Q7 – the Kasiski, IOC and χ2 components were helpful in general, (3) Q9 , Q10 – the Demo and Practice modes were useful in self-study, and (4) all questions are in a single group. MANOVA (Multivariate ANOVA) was applied to each of the question groups. In addition, we used ANOVA to investigate the difference between the student groups for Q4 – if VIGvisual enhanced the course. While the assumptions of MANOVA (i.e., normality and heteroscedasticity) are stronger than those of ANOVA, MANOVA is reasonably robust in our case [5, 6]. We used the general linear model (GLM) of R to perform all tests at α = 0.05. The computed p-values of the four groups were 0.842, 0.805, 0.511 and 0.502. This suggested that the ratings from CS and non-CS groups did not vary significantly. The ANOVA result for Q4 did not suggest difference at α = 0.05 either. However, the p-value (0.068) is smaller for this question. In summary, we did not find a significant variation among disciplines and question groups. 4.3 Quiz 1 3.94 1.25 (3.5,4.37) A Test Scores Comparison A quiz of six problems that address all aspects of the Vigenère cipher was given after the classroom lecture. Then, we discussed VIGvisual and made the software available. One week later a second quiz was given. This quiz has three questions similar to those in the first quiz and three ciphertexts for the students to practice cryptanalysis. The first ciphertext is trivial and can be broken directly using VIGvisual. The second is still easy, but VIGvisual yields a keyword with one incorrect letter. The third is not so trivial because VIGvisual yields a keyword with three incorrect letters, and the students must work a bit harder to break the ciphertext correctly. Both quizzes have a full score of 6 points (i.e., one point per problem). We collected 33 papers from each quiz, and the results are shown in Table 3. The t-values of comparing the means obtained in various t-tests were all larger than 8.5 with p-values nearly 0, and Cohen’s d is 2.18. This suggested that the difference between the means is significant and the effect size is large. As a result, we concluded that the software contributed to student learning significantly. 4.5 Self-Study Investigation We also invited students who did not take our course for a 2-stage self-study. This small scale survey was used to determine if there was a difference between classroom and self-study with our tool. There were two stages, each stage took about one week. In Stage 1, volunteers were asked to find resources to learn the Vigenère cipher, including Kasiski’s and IOC methods. At the end of Stage 1, students evaluated their progress and completed six quiz problems. 133 In Stage 2, students were provided with VIGvisual and our web-based tutorial. At the end of this stage, students filled in the evaluation form and completed three quiz problems on cryptanalysis. We collected seven completed survey forms from 11 volunteers. Volunteers were usually highly motivated, and, as a result, they received nearly perfect scores in both quizzes. They spent on average 14.29 minutes to understand the cipher with a confidence interval of (6.16, 22.41), which is similar to that of the students in our course. On the other hand, the median of the total time spent on the tool is about 41 minutes, which is much higher than that of the students in our course. We used median instead of average because there was a volunteer who used a very long time to practice cryptanalysis. Except for one volunteer who used the disk and slide, all others used the table. readable, (3) considering an extension or modification to the Keyword Recovery window so that the frequency graph can work alone rather than as part of the χ2 method, (4) extending the error checking in the Practice mode so that errors can be reported on-the-fly, (5) adding the autocorrelation analysis for keyword estimation, and (6) developing a webbased version so that the system would be more “portable” as suggested by some students. VIGvisual is a part of larger development of cryptography visualization tools supported by the National Science Foundation. In addition to VIGvisual, SHAvisual for the Secure Hash Algorithm, DESvisual for the DES cipher, AESvisual for the AES cipher, RSAvisual for RSA cipher, and ECvisual for the elliptic curve based ciphers are available online. Tools, evaluation forms, and installation and user guides for Linux, MacOS and Windows can be found at the following link, from which a complete tutorial of the Vigenère cipher, including cryptanalysis, is available: Table 4: Self-Study Survey Results Class µ Class σ µ σ CI− CI+ p-value Q1 3.88 0.60 3.86 0.69 3.35 4.37 0.95 Q2 3.60 0.87 3.71 0.76 3.15 4.27 0.75 Q3 3.80 0.65 4.00 1.29 3.04 4.96 0.71 Q04 4.24 0.52 4.29 0.76 3.73 4.85 0.88 Q5 3.96 0.93 4.29 0.76 3.73 4.85 0.36 Q6 3.88 0.88 4.29 0.95 3.58 4.99 0.33 Q7 3.52 0.77 4.00 0.89 3.28 4.72 0.23 Q8 4.24 0.52 4.29 1.11 3.46 5.11 0.97 www.cs.mtu.edu/~shene/NSF-4. 6. REFERENCES [1] Cryptool. http://www.cryptool.org. [2] M. E. Dalkilic and C. Gungor. An Interactive Cryptanalysis Algorithm for the Vigenere Cipher. In Proceedings of the First International Conference on Advances in Information Systems, pages 341–351, 2000. [3] W. F. Friedman. The Index of Coincidence and Its Applications in Cryptanalysis. Riverbank Laboratories, 1922. [4] J. Hoffstein, J. Pipher, and J. H. Silverman. An Introduction to Mathematical Cryptography. Springer, 2008. [5] K. Ito. On the Effect of Heteroscedasticity and Nonnormality Upon Some Multivariate Test Procedures. In P. R. Krishnaiah, editor, Multivariate Analysis II. Academic Press, 1969. [6] K. Ito and W. Schull. On the Robustness of the T 2 Test in Multivariate Analysis of Variance When Variance–Covariance Matrices Are Not Equal. Biometrika, 51:71–82, 1964. [7] F. W. Kasiski. Die Geheimschriften und die Dechiffrirkunst. Mittler und Sohn, 1863. [8] D. Salomon. Data Privacy and Security. Springer, 2003. [9] D. Schweitzer and L. Baird. The Design and Use of Interactive Visualization Applets for Teaching Ciphers. In Proceedings of IEEE Information Assurance Workshop, pages 69–75, 2006. [10] W. Trappe and L. C. Washington. Introduction to Cryptography with Code Theory. Prentice-Hall, 2002. µ: mean σ: standard deviation Confidence Interval: (CI− ,CI+ ) Since this survey was about self-study, questions in Table 1 related to classroom presentation were removed. A summary of this self-study results is given in Table 4 in which Q04 is the version of Q4 for self-study. The “Class µ” and “Class σ” rows have the mean values and standard deviation obtained from our classroom survey (Section 4.1 and Table 2). No extensive hypothesis testings were performed because of small sample size. It is interesting to note that Q1 to Q04 were rated similarly in both surveys. On the other hand, students involved in self-study rated our tool higher than those enrolled in our class. Regardless of the sample size issue, t-tests for comparing the means did not suggest any significant differences because the p-values in Table 4 are all larger than 0.1, suggesting no presumption against the null hypothesis (i.e., the corresponding means being equal). Write-in comments were not very different from those obtained from the classroom survey. Hence, we have reasonable evidence to believe that the difference may be small. 5. CONCLUSIONS This paper presented a visualization tool VIGvisual for teaching and learning the Vigenère cipher. With this tool, instructors are able to present all details of the cipher and a complete cryptanalysis procedure using Kasiski’s and the IOC methods for keyword length estimation and the χ2 method for keyword recovery. The animation and cipher tools help students see the “flow” of the cipher, learn the concepts and practice the cryptanalysis steps with VIGvisual. Evaluation results showed that VIGvisual was effective in the classroom presentation and for student self-study. In particular, after using the tools, the students learned cryptanalysis better and gained understanding of the cipher. Based on the student comments, the most needed extensions are (1) resizable windows, (2) making the Vigenère table rows shaded in an alternating way so that it is more Acknowledgements The authors are supported by the National Science Foundation under grants DUE-1140512, DUE-1245310 and IIS1456763. 134